commit aec1f3e913b7ad68299bc9a2ca584885f7a49dd3
author XiaokangQian <xiaokang.qian@arm.com> Wed Jan 26 06:57:00 2022 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Wed Jan 26 10:53:15 2022 +0000
tree eb6fa5094bbfa2c4ba7b7f49a07c6a28a426fcae
parent 7bae3b616c1ba9a3d4d4fbc17f0ebc5aafa46f15

Cookie fields are used only by DTLS 1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 5e6a747..6bcbad0 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -559,6 +559,7 @@
     MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
     MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
 
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
     mbedtls_free( handshake->verify_cookie );
     handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
     if( handshake->verify_cookie == NULL )
@@ -571,6 +572,7 @@
 
     memcpy( handshake->verify_cookie, p, cookie_len );
     handshake->verify_cookie_len = (unsigned char) cookie_len;
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
 
     return( 0 );
 }
@@ -1226,6 +1228,13 @@
         {
 #if defined(MBEDTLS_SSL_COOKIE_C)
             case MBEDTLS_TLS_EXT_COOKIE:
+                /*
+                 * Currently, we only support the cookies in DTLS 1.3.
+                 */
+#if !defined(MBEDTLS_SSL_PROTO_DTLS)
+                fatal_alert = MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
+                goto cleanup;
+#else
 
                 if( !is_hrr )
                 {
@@ -1242,6 +1251,7 @@
                                            ret );
                     goto cleanup;
                 }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
                 break;
 #endif /* MBEDTLS_SSL_COOKIE_C */